More on KentOnline
Home Kent Business County news Article
At the click of a button, scammers were able to steal nearly £20,000 from Tim Hill’s business.
Staff at his printing firm Speedscreen in Maidstone were duped by an email last year pretending to be from him, asking for large payments to be made.
“It really is a very simple but convincing con which, like many of these things, is easier to spot in hindsight,” said Mr Hill, who was on holiday at the time.
“They send out an urgent message, from the boss to the accounts department, saying a payment must be made into another account immediately.
“They work on the hope that staff will blindly follow the boss’s instruction and not query it.
“To lose almost £20,000 is a big hit on a small company like ours and I want to put this warning out there so others don’t fall foul of this scam like we did and that accounts departments are aware.”
Mr Hill’s story is an increasingly familiar one at a time of heightened awareness about cyber security.
The NHS was hit with a ransomware attack in May, which locked files and demanded payments in bitcoin to regain access.
The global attack affected 300,000 computers in 150 countries.
“There’s a lack of understanding of what these cyber attacks are,” said Mark Philip, a service account manager at ADM Computing in Canterbury.
“The perception is they go after high profile targets like the NHS or big business and that small businesses wouldn’t have anything they would want.
“People don’t realise that actually a lot of these attacks are very opportunistic, sending emails by the millions in the hope someone clicks on the link and they can try to extort money.
“People don’t realise that actually a lot of these attacks are very opportunistic, sending emails by the millions in the hope someone clicks on the link and they can try to extort money..." - Mark Philip, ADM Computing
“We are seeing a mixed bag. Some are very prepared and some less so.
“Your people are your greatest risk.”
The phenomenon is becoming more common. Research from the Federation of Small Businesses (FSB) shows two-thirds of its members have been victims.
On average firms have faced attacks on at least four occasions, costing each business almost £3,000 in total.
FSB Kent development manager Alison Parmar said: “A cybercrime attack could mean downtime for staff, lost contracts, lost data or lost income.
"We strongly urge all small business owners to make sure their systems are backed up and well-protected.
“We believe the focus of government and private sector policy and practices should be to increase resilience rather than simply cyber security.”
Matt Parkinson, technical director of data centre firm VooServers in Maidstone, said: “In our industry we say there are two types of companies: those that have had a data breach and those that don’t know they have had one.”
New EU regulations are also about to make the environment tougher for companies which hold large amounts of data.
The General Data Protection Regulation coming into force in May next year will impose heavy fines for companies found to have failed to protect the personal information of clients.
This could be up to €20m or 4% of annual turnover, whichever is greater, for the worst breaches. Firms will also be leaving themselves open to compensation claims from individuals.
Debbie Venn, a partner at Maidstone law firm asb law, said: “It’s a double-edged sword but if you can show you have taken appropriate measures before you were hacked, then the level of fine might not be as bad.
"This should be something on the risk register at board level. Cyber security is a potential risk area which can cause huge disruption to a business.
“It is not just an IT issue. It needs to be considered at all levels of the business. You need a disaster recovery plan in place.”
One of the best remedies is educating staff. Jacqueline Offen, director at IT support firm JJ Systems in Canterbury, said: “Every computer user needs to be aware of the threat of cybercrime.
“We know many people who have been duped through a seemingly innocent email which looks like it comes from your boss, asking for a payment.
"The loss to business runs into the tens of thousands.”